[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


To: "Scott Rose" <scottr@antd.nist.gov>
Cc: <Ted.Lindgreen@tednet.nl>, "Dan Massey" <masseyd@isi.edu>, "Jakob Schlyter" <jakob@crt.se>, "Miek Gieben" <miekg@nlnetlabs.nl>, <dnssec@cafax.se>
From: Simon Josefsson <simon+dnssec@josefsson.org>
Date: 20 Apr 2001 15:41:16 +0200
In-Reply-To: <004a01c0c99c$05cd5dc0$b9370681@antd.nist.gov> ("Scott Rose"'s message of "Fri, 20 Apr 2001 09:15:50 -0400")
Sender: owner-dnssec@cafax.se
User-Agent: Gnus/5.090003 (Oort Gnus v0.03) Emacs/21.0.102
Subject: Re: Keys at apex problem - New PUBKEY RR?

"Scott Rose" <scottr@antd.nist.gov> writes:

> against:
> 1.  Already deployed for certificates, not just keys (violating the intended
> use of the CERT RR).

Since CRLs (definitely not the same thing as certificates) are already
allowed in CERT RR's I think the CERT RR document itself shows that
the intent wasn't to restrict itself to only certificates, but rather
a fussy security-related-information type of RR.  Are any of the
authors here to provide some insight?

> 2.  Have to modify existing DNS implementations and other apps that use KEY
> queries.

They probably have to modified anyway if the problem discussed in this
thread needs to be solved.

> Since Dan and I are just "editors" and cannot make any changes without
> concensus, if the WG things option 3 is the way to go, I'm all for it.

<aol>Me too.</aol>


Home | Date list | Subject list